System Administrator – ACAS System Security Compliance Administrator

Overview

SMS is seeking a dynamic, motivated individual to serve as a Senior or Mid-Level ACAS System Security Compliance Operator II or III (depends upon experience) in support of the 26 NOS, US Air Force at Maxwell AFB, Gunter Annex. We are seeking an individual for information system administration with a strong cybersecurity knowledge to carry out Vulnerability Assessment Analyst tasks. If you are seeking a fast-paced work environment with ample opportunity to grow, please review the list of responsibilities and qualifications. All need not be met for a successful candidate.

SMS is a fast growing, veteran-owned business that’s has supported Federal Government’s IT initiatives for over four decades.  We work side-by-side with our federal clients as a trusted, long-term partner to offer innovative advice and leadership to solve their most pressing and complex problems. We orchestrate people, strategies, technologies, and best-of-breed business processes. The SMS advantage in management and technology consulting includes deep domain expertise in complex networking design and unifying communities of interest.

Responsibilities

Duties & Responsibilities:

• Operate the security and compliance baseline configuration, inventory, and best practices for the vulnerability management solution (VMS) deployed across multiple unclassified and classified network locations supporting the implementation for Tenable products within Assured Compliance Assessment Solution (ACAS) including .SC (SecurityCenter™) and Nessus® scanners; Also 2.0 Architecture Components: Nessus Networking Monitor (NNM), Nessus Manager and Nessus Agents use cases.
• Work in concert with other Tenable users, operators, integrator, and IA personnel responsible for security compliance within operations and maintaining the ACAS program in multiple enclaves.
• Work alongside SA/ENAT team members to implement tailored security compliance reports, collections, distributions, and separate asset management solutions of dynamic and static lists.
• Coordinate system activities such as deploying, configuring, monitoring, tuning, upgrading, and troubleshooting Tenable components spanning local, remote, and complex environments.
• Assist in meeting compliance requirements while conforming to security standards to aide in reducing gaps in cyber security risk exposure.
• Record configurations, conduct assessments and submit suggestions to scan schedule(s), scanners scan zones, repository management, chart Credentials >Assets >Scans >Reports >Dashboards.
• Assist with installation/maintenance of configuration files, custom security policies, plug-ins, signatures, certificates, STIGs and checklist configuration audits; Create/edit/customizing Nessus compliance “.AUDIT” files to align compliance scans to add vulnerability discovery capabilities into ACAS system
• Responsible for supporting and ensuring external deliverables: DISA/Continuous Monitoring and Risk Scoring (CMRS), importing vulnerability and security audit plug-ins, DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability and audit repositories.
• Assist in mapping scan zones, scanners, subnets to include experience leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, McAfee Endpoint Security Solutions (ESS) and/or Microsoft Endpoint Configuration Manager (MECM)
• Administratively responsible for a five to seven person team.
• Implement/create and streamline report dashboard designs, automated custom email report notifications, report repositories for each environment that are specific to the following audiences: Leadership & Executives; Cybersecurity Staff; System Administrators; Application Maintainers
• Follow established change management process, systems access, implement changes or configuration, and test changes. Apply expertise in system administration, information security, and infrastructure to enhance established policies and procedures, operations, and implement best practices in environments.
• Rack and provision government furnished equipment (GFE) servers when applicable.
• Continuously assesses current ACAS implementations for scans, assets, analysis, and permissions.
• Assist with validation and sustainment of documentation such as Security Plans, Network Address Declaration (NAD), security groups/roles/permissions and/or zones/credentials/scans.
• Document ACAS systems for each network to include IP address, Fully Qualified Domain Name (FQDN), DNS entries, Role Based Access Controls (RBAC), service accounts, certifications, licenses, and physical/virtual location of each component.
• Deploy and manage Nessus Agents to servers across environment if and where applicable.
• Ensures networks receive periodic updates from AFCYBER-released software patches, updates, and upgrades via Time Compliance Technical Orders (TCTO), Time Compliance Network Orders (TCNO), Maintenance Tasking Order (MTO) and Notices to Airman (NOTAMs)
• Responsible to assist/troubleshoot schedule scans are covering 100% of intended targets ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.
• Maintains the Nessus scanners connectivity with the associated Tenable.sc (formerly SecurityCenter)
• Provide cyber security staff scanning capability and system administration continuity.
• Maintain effective communications with other external and internal teams essential to ACAS operations.
• Create/maintain/implement custom security policies in line with DISA ACAS best practice guidance.
• Assist AF Cyber personnel with the DISA Information Assurance Vulnerability Management (IAVM) programs, cybersecurity toolsets, and Operation Order (OPORD)/Fragmentary Order (FRAGO) support.
• Perform systems analysis, design review, integration of complex system applications.
• Ensure external networks receive cybersecurity inventory reporting for compliance data via ACAS to DISA CMRS, Splunk logging and DoD Enterprise Logging Ingest and Cyber Situational Awareness Refinery (ELICSAR) Big Data Platform (BDP).
• Participate in all phases of the Vulnerability Management (VM) life cycle with emphasis on the scan, patch, rescan and reporting phases.

Qualifications

Qualifications/Requirements:

• Candidate should have 1 to 4 years of years of hands-on experience in:
  • ACAS and/or Tenable.sc (SecurityCenter) or Tenable Nessus products
  • Familiarity using ACAS or Tenable .SC/Nessus best practices.

• Linux-based (RHEL) or Windows operating systems support with experience in mid-to-large enterprise data center environment; familiarity with network patch/update management.
• Exposure interacting with virtualized environments (VMware vSphere, ESXi)
• Must have experience setting up and executing Tenable Nessus scans, review scan data, assess reports and trends through SC interface; determine whether a completed scan provide valid results, and ensure reports/dashboards meet customer needs and expectations.
• Ability to install and patch operating systems, applications, and document Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) / Security Requirements Guide (SRG), applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ACAS implementations.
• Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills.
• Passion for continuous learning in IT data protection and technical/infrastructure technologies
• Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.
• Any scripting experience: Bash, Perl, PowerShell, Python, Nessus Attack Scripting Language (NASL)
• Disaster Recovery – knowledge in risk reduction, hot/warm site DR architecture
• Possess refined critical thinking skills, should be a motivated self-starter, and multi-task capable.
• Good communication and interpersonal skills; Ability to follow policies and procedures.

• Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN), VoIP, routers, switches, and firewalls
  • Advanced networking concepts, VLAN, trunking and port channel
  • Thorough understanding of Internet Protocol (IP) routing, switching, and OSI model

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. 

SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.